Channels

Services

Microsoft finally to close the VBScript hole in Internet Explorer

Next Tuesday, Microsoft plans to release eleven updates to close 25 security holes, including the VBScript hole in Internet Explorer that has been known for about six weeks and the DoS vulnerability in the SMB client of Windows 7 and Server 2008 disclosed in November 2009.

The updates will also fix other holes in Windows (2000 to Server 2008), Office (Publisher and Visio) and in Exchange Server (2000 to 2010). Microsoft has given top priority to five of the eleven updates because they close critical holes.

The Internet Explorer hole which involves the processing of certain UNC paths and has been known since January appears to remain unpatched. It mainly affects pre-Vista systems; on Vista and Windows 7, Internet Explorer (7 and 8) runs in protected mode, which prevents attackers from exploiting the hole.

Microsoft has also pointed out that the support of several Windows versions will be discontinued this year. No further updates for Windows 2000 will be released from the 13th of July, 2010. Windows XP Service Pack 2 will only be supported until the 13th of July, 2010. It is therefore advisable to update to SP3. Windows Vista RTM will only be supported until the 13th of April, 2010, while the support of Vista SP1 will continue until the 12th of July, 2011.